
LinuxInsider Talkback


Re: Nessus 3.0: The End of the Age of Open-Source Innocence?
Posted by: Jennifer LeClaire 2005-12-22 11:02:21

Nessus, maker of one of the most popular open-source vulnerability scanner programs available, changed its licensing agreement with the release of version 3.0.0 on December 12, causing a bit of a stir among security industry players that rely on the code as a component of their commercial solutions. The latest version is not available under the GPL license, but instead will be sold as a commercial product.

Re: Nessus 3.0: The End of the Age of Open-Source Innocence?
Posted by: rarce 2005-12-22 11:58:37 In reply to: Jennifer LeClaire
The article missed the most important option of a GPL'd piece of software.
The user community can fork the last GPL version and continue development on its own. There is no need to switch or pay the commercial fees if a sufficiently large contributing community has developed around the product. If there isn't a sufficient pool of developers available to keep it going, well, maybe it's time for it to go.

Re: Nessus 3.0: The End of the Age of Open-Source Innocence?
Posted by: dossi 2006-04-08 10:15:11 In reply to: rarce
The company has likewise missed one _important_ aspect of Copyright Law (tm) ...
Many countries, especially in Europe, expressly prohibit completely giving up rights to produced works of coding, literature, etc.
To my knowledge, therefore, the company may very soon run into the legal issue of not being permitted to sell/provide the service for money, as soon as _one_single_developer_ from e.g. Germany issues a revocation of right-to-use. In this case, the software _and_ its derivatives (mark the "derivatives") mentioned may _no_longer_ be used by the organization who has its right-to-use revoked.
Interestingly, the revocation may apply to single entities, while still being generally granted to the rest of the world.
Especially important to note is a completely other issue. The various contributors to the code delivered the patches and amendments according to the GPL, which applies to the supplied code-fragments even though not expressly written. It is generally accepted, that code not expressly designated to be in the public-domain _is_not_public_domain_, but remains intellectual property of the author.
The permission for usage against pay must in this case expressly be granted in written form by the original author.
To migrate the GPLed code to "pay-ware" or closed-source is not permissible.
As _service_, though, the updates, etc. may very well be priced, as long as the code itself remains in the GPL, the various customers, though, may (as the code remains in GPL) exchange and distribute the GPL-code in disregard of the timing-scheme intended by companies.
To exactly analyse what applies, what not, where the drawbacks, and loopholes lie ... is a job for the legaleses to deal with ...
P.S.: Some or all of the comments above may or may not apply to you depending upon local laws and regulations :D
P.P.S.: This represents a personal opinion of the author
P.P.P.S.: This posting was created in Germany :D